Antivirus

Avast security tools hijacked in order to crack antivirus protection

Researchers spot new campaign that can turn off antivirus protection Malware uses legitimate Avast Anti-Rootkit driver to access kernel level Once antivirus is deactivated, the malware can proceed without detection Hackers are using a legitimate Avast Anti-Rootkit driver to disguise their malware, turn off antivirus protection, and infect systems, experts have warned. The vulnerable driver


  • Researchers spot new campaign that can turn off antivirus protection
  • Malware uses legitimate Avast Anti-Rootkit driver to access kernel level
  • Once antivirus is deactivated, the malware can proceed without detection

Hackers are using a legitimate Avast Anti-Rootkit driver to disguise their malware, turn off antivirus protection, and infect systems, experts have warned.

The vulnerable driver has been exploited in a number of attacks since 2021, with the original vulnerabilities being present since at least 2016, research by Trellix, has claimed, noting the malware can use the vulnerable driver to end the processes of security software at the kernel level.

The malware in question belongs to the AV Killer family, with the attack using a vector known as bring-your-own-vulnerable-driver (BYOVD) to infect the system.

Virus can turn off antivirus

Trellix outlined how the malware uses a file named ‘kill-floor.exe’ to place the vulnerable driver named ‘ntfs.bin’ into the default Windows user folder, before using the Service Control executable (sc.exe) to register the driver using the ‘aswArPot.sys’ service.

Included within the malware is a hardcoded list of 142 processes used by common security products, which is used to check system process snapshots for any matches.

The malware then uses the ‘DeviceIoControl’ API to run the relevant commands to end the process, thereby preventing the antivirus from detecting the malware.

The hardcoded list includes processes belonging to a number of security products from names such as McAfee, Avast, Microsoft Defender, BlackBerry, Sophos, and many more.

As BleepingComputer points out, this isn’t the first time a BYOVD attack has exploited a vulnerable Avast driver, with the 2021 Avoslocker ransomware attacks abusing an Avast Anti-R

Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Antivirus

Bitdefender Antivirus for Mac review: Excellent protection held back by frustrating flaws

Macworld At a GlanceExpert’s Rating Pros Excellent malware detection Fast scan performance Very low system impact Effective ransomware protection Generous 30-day free trial Cons InConsistent phishing protection Chat Protection needs improvement No scheduled scans Log export unavailable VPN requires separate subscription Our Verdict Bitdefender Antivirus for Mac remains one of the stronger security suites available

Macworld

At a GlanceExpert’s Rating

Pros

Excellent malware detection

Fast scan performance

Very low system impact

Effective ransomware protection

Generous 30-day free trial

Cons

InConsistent phishing protection

Chat Protection needs improvement

No scheduled scans

Log export unavailable

VPN requires separate subscription

Our Verdict
Bitdefender Antivirus for Mac remains one of the stronger security suites available for macOS…
Read More

Continue Reading
Antivirus

I Turned Off All Antivirus Protection for a Week. Here’s What I Learned

Disabling my antivirus for a week taught me that the most important security tool you have isn’t software…

Disabling my antivirus for a week taught me that the most important security tool you have isn’t software…
Read More

Continue Reading
Antivirus

Malware Has Gotten Smarter. Here’s How Your Antivirus Has, Too

Antivirus software used to hunt for known malware, but now it’s predicting suspicious behavior before an attack fully lands…

Antivirus software used to hunt for known malware, but now it’s predicting suspicious behavior before an attack fully lands…
Read More

Continue Reading
Antivirus

Why There’s Simply No Need For Android Antivirus Apps Anymore

Many Android users install an antivirus app on a new device without thinking twice. In 2026, there are good reasons to skip that step entirely…

Many Android users install an antivirus app on a new device without thinking twice. In 2026, there are good reasons to skip that step entirely…
Read More

Continue Reading